1010 matches found
Solaris sendmail .forward Local Privilege Escalation
The remote sendmail server, according to its version number, may be vulnerable to a local privilege escalation attack when using forward files. Sun did not increase the version number of their sendmail when patching Solaris 7 and 8, so this might be a false positive on these platforms. An attacke...
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript EPS file...
CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt...
Microsoft Security Bulletin MS02-072: Unchecked Buffer in Windows Shell Could Enable System Compromise (Q329390)
Title: Unchecked Buffer in Windows Shell Could Enable System Compromise 329390 Date: 18 December 2002 Software: Microsoft Windows XP Impact: Run code of an attacker's choice Max Risk:...
Race condition in BRU Workstation 17.0
Backup / Restore Utility BRU [email protected] - 04/09/02 About: - http://www.tolisgroup.com/ - "BRU Workstation 17.0 Backup & Restore Utility is a functionally-rich backup solution designed for commercial networked systems when the client/server capability o...
PHPGB 1.1/1.2 - PHP Code Injection
source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...
Web Shop Manager Security Vulnerability
Summary: The Web Shop Manager (http://www.webscriptworld.com/scripts/wsm.phtml) allows you to manage a fully functional online store from a centralized web-based administration system. A security vulnerability in the product allows execution of arbitrary commands with the privileges of the script fil...
CVE-2002-0477
Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand...
Java webstart also allows execution of arbitrary code
It would seem that I opened up a can of worms when I created my icq + msie advisory the other day, which presented a new way to execute arbitrary code on a user's machine. Java webstart is equally vulnerable. Java webstart is a revolutionary way of deploying java applications and comes standard with j...
WINAMP also allows execution of arbitrary code (probably a lot more programs as well)
It would seem that I opened up a can of worms when I created my icq + msie advisory the other day, which presented a new way to execute arbitrary code on a user's machine. Winamp is equally vulnerable. Winamp starts skin files with the extension wsz and the mime type interface/x-winamp-skin automatic...
CVE-2002-0157
Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file...
ht://Dig htsearch Multiple Vulnerabilities
The remote CGI htsearch allows the user to supply his own configuration file using the '-c' switch, as in: /cgi-bin/htsearch?-c/some/config/file. This file is not displayed by htsearch. However, if an attacker manages to upload a configuration file to the remote server, it may make htsearch read...
Citrix Client Access Verification
Your professional opinions are appreciated. About a month ago I had posted the below as a Citrix Client Access Advisory and got several responses to the fact that either it was not a valid vulnerability or that it was a default configuration problem. Which may be true. But consider this. The...
CVE-2001-0973
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space...
Microsoft IIS 4.0/5.0 - Device File Local Denial of Service
source: https://www.securityfocus.com/bid/2973/info Microsoft IIS is prone to denial of service attacks by local users. This issue is exploitable if the local attacker can create an .asp file which makes calls to various device names. The local attacker must of course possess the privileges...
DCForum Password File Manipulation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...
[SECURITY] [DSA-053-1] nedit symlink attack
Package : nedit Problem type : insecure temporary file Debian-specific: no The nedit Nirvana editor package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text a...
Junsoft JSparm 4.0 - Logging Output File
source: https://www.securityfocus.com/bid/2515/info JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation interface. A problem with the package...